[Novalug] FC6 SELinux and disk replacement

Scott Musman musman at aug-sys.com
Fri Apr 6 18:01:53 EDT 2007


Garrett,

I'm certainly not a selinux expert, but I've been looking into it more
recently as it's gotten "much" better, and we are developing a tool that
we use to monitor its messages to detect misuse patterns.

The short answer to your question is that I'm guessing you have selinux
in "enforcing" mode, and so it is doing exactly what it is supposed to
be doing: denying what it thinks are unauthorized file accesses. When
you restored your files, all of the selinux file-system labels got lost,
and selinux now needs to relabel the new file system to reflect the
changes. Once that has been done it should stop denying your fs accesses
and you should be o.k.

The URL below should help. See the last question.

http://optics.csufresno.edu/~kriehn/fedora/fedora_files/fc6/howto/selinux.html

Good luck,

		-- Scott

On Fri, 2007-04-06 at 17:04 -0400, Garrett Nievin wrote:
> Background:
> 
> I know diddlesquat about SELinux.
> 
> 
> Problem description:
> 
> I put a new hard disk in my laptop (another Hitachi which constantly 
> load/unloads the heads with that clicking noise under Linux until you 
> turn off power management with hdparm).
> 
> Anyway, I backed up the partitions with tar, formatted the new disk with 
> a couple of partitions, restored the partitions, and reinstalled grub 
> after tweaking the configuration a bit to allow for the partitions having 
> different numbers than before (e.g. root was hda2 because hda1 had been 
> some partition with Dell software on it; I didn't copy that partition, so 
> root is now hda1).  In retrospect, I'd have kept the same partition 
> numbers.
> 
> So, after I boot the first time, nobody can log in - permission denied on 
> running the shell.  I reboot into single user, thinking that I forgot to 
> set the proper permissions on the new / or /home filesystems, but all was 
> fine.  All the same, strace showed that login was failing with EACCES 
> when trying to execute /bin/bash at the end of a login sequence.
> 
> Eventually, I started syslogd and tried a login in single user mode.  As 
> soon as I do, I see:
> 
> Apr 5 20:46:43 woody kernel: audit(1175820403.735:9): avc:  denied { 
> entrypoint } for pid=1929 comm="sshd" name="bash" dev=hda1 ino=81954 
> scontext=user_u:system_r:hotplug_t:s0 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> 
> The problem was revealed and I realized that I had no clue what to do 
> about it.  I used to have a clue, but sold it on eBay.
> 
> I finally "solved" the problem by doing an upgrade of Fedora from the CD. 
> If the Internet was slow for you last night, that was me updating my 
> laptop and torrenting the FC7t3 DVD.
> 
> The box seems to be more or less working now (using it to write this), 
> but I'm still seeing messages like the ones below and I haven't given it 
> a thorough workout.
> 
> 1. What happened?  Anybody get the license plate of that truck?
> 
> 2. Is there a simple way to fix it? I'm inclined to install a new Linux 
> (maybe give Ubuntu another try) and just trash the root filesystem.  My 
> new hard disk gives me lots of room to play around.
> 
> Cheers,
> Garrett
> 
> 
> Current message sample:
> 
> audit(1175889449.336:263): avc:  denied  { append } for  pid=2082 
> comm="syslogd" name="spooler" dev=hda1 ino=1016124 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> audit(1175889449.336:264): avc:  denied  { append } for  pid=2082 
> comm="syslogd" name="boot.log" dev=hda1 ino=1016125 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> audit(1175889449.511:265): avc:  denied  { read } for  pid=2098 
> comm="mcstransd" name="config" dev=hda1 ino=115684 
> scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> audit(1175889450.921:266): avc:  denied  { read } for  pid=2167 
> comm="cupsd" name="libgnutls.so.13" dev=hda1 ino=164759 
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
> audit(1175889450.978:267): avc:  denied  { read } for  pid=2167 
> comm="cupsd" name="libgnutls.so.13" dev=hda1 ino=164759 
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
> audit(1175889466.975:268): user pid=2110 uid=81 auid=4294967295 
> subj=system_u:system_r:initrc_t:s0 msg='avc:  denied  { send_msg } for 
> msgtype=method_call interface=org.freedesktop.DBus member=Hello 
> dest=org.freedesktop.DBus spid=2377 scontext=system_u:system_r:rpm_t:s0 
> tcontext=system_u:system_r:initrc_t:s0 tclass=dbus
> audit(1175889478.958:269): avc:  denied  { execmod } for  pid=2766 
> comm="Xorg" name="r200_dri.so" dev=hda1 ino=298429 
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:file_t:s0 
> tclass=file
> audit(1175889520.900:270): avc:  denied  { execheap } for  pid=3027 
> comm="mono" scontext=user_u:system_r:initrc_t:s0 
> tcontext=user_u:system_r:initrc_t:s0 tclass=process
> 
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
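The diagnosis above turns on one detail of the AVC lines: every denied target carries tcontext type file_t, which is what a file gets when it has no SELinux extended attribute at all (a tar restore without --selinux/xattrs drops them). The following is an added example, not code from the thread or from the tool Scott mentions, that sorts AVC denials into "unlabeled target" (a relabel problem) versus "labeled target" (a real policy decision), using the log lines from Garrett's post as sample input. The function names are my own; the check also accepts unlabeled_t, the type later Fedora policies use for the same situation.

```shell
#!/bin/sh
# Added example (not from the original post): triage SELinux AVC denials by
# whether the target object is unlabeled.
#
# After restoring a filesystem without extended attributes, every file comes
# back with the default type "file_t" (FC6-era policy; later policies use
# "unlabeled_t"), so confined domains such as sshd_t, syslogd_t and cupsd_t are
# denied on everything they touch. That is a labeling problem, fixed by one of
#   touch /.autorelabel && reboot      # relabel on next boot
#   restorecon -R -v /                 # relabel in place (or: fixfiles relabel)
# not by loosening policy. Denials on a properly labeled target are different:
# those are the policy saying no and need to be looked at individually.

# Sample AVC lines, copied from the thread above and joined onto single lines.
SAMPLE_AVCS='audit(1175820403.735:9): avc:  denied { entrypoint } for pid=1929 comm="sshd" name="bash" dev=hda1 ino=81954 scontext=user_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889449.336:263): avc:  denied  { append } for  pid=2082 comm="syslogd" name="spooler" dev=hda1 ino=1016124 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889450.921:266): avc:  denied  { read } for  pid=2167 comm="cupsd" name="libgnutls.so.13" dev=hda1 ino=164759 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
audit(1175889520.900:270): avc:  denied  { execheap } for  pid=3027 comm="mono" scontext=user_u:system_r:initrc_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=process'

# classify_avcs: read AVC lines on stdin and print one line per denial:
#   <class> <comm> <permission> <tclass> <target type>
# where <class> is UNLABELED when the target type is file_t or unlabeled_t,
# and POLICY otherwise.
classify_avcs() {
    awk '
    /avc: *denied/ {
        perm = "?"; comm = "?"; tclass = "?"; ttype = "?"
        # the permission sits between braces: "{ entrypoint }"
        if (match($0, /[{] *[a-z_]+ *[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/ /, "", perm)
        }
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
            if (kv[1] == "tclass")   { tclass = kv[2] }
            # tcontext is user:role:type[:range]; the type is the third field
            if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
        }
        cls = (ttype == "file_t" || ttype == "unlabeled_t") ? "UNLABELED" : "POLICY"
        print cls, comm, perm, tclass, ttype
    }'
}

# count_unlabeled: number of denials on stdin whose target is unlabeled.
# A non-zero count right after a restore means "relabel first, then re-check".
count_unlabeled() {
    classify_avcs | grep -c '^UNLABELED' || :
}

# Usage: run against the embedded sample, or pipe the real log in:
#   grep 'avc:  denied' /var/log/messages | classify_avcs
printf '%s\n' "$SAMPLE_AVCS" | classify_avcs
printf 'unlabeled targets: %s\n' "$(printf '%s\n' "$SAMPLE_AVCS" | count_unlabeled)"
```

In the sample, three of the four denials are on file_t targets and go away once the filesystem is relabeled; the fourth (mono asking for execheap in initrc_t) is a labeled-target denial that a relabel will not touch, so it would still need its own decision (a boolean, a local policy module, or leaving it denied).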


